package com.lby.graduation.config;

import com.lby.graduation.service.impl.UserDetailsServiceImpl;
import com.lby.graduation.util.securityHandel.AuthenticationSuccessHandler;
import com.lby.graduation.util.securityHandel.LogoutSuccessHandler;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

import javax.annotation.Resource;

/**
 * WebSecurityConfigurerAdapter是Spring提供的对安全配置的适配器
 * 使用@EnableWebSecurity来开启Web安全
 */

@EnableWebSecurity/*开启安全管理配置*/
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    UserDetailsServiceImpl userDetailsService;
    @Resource
    AuthenticationSuccessHandler authenticationSuccessHandler;
    @Resource
    AuthenticationFailureHandler authenticationFailureHandler;
    @Resource
    AccessDeniedHandler accessDeniedHandler;
    @Resource
    LogoutSuccessHandler logoutSuccessHandler;

    /*自定义身份认证*/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*密码编译器*/
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        /*使用UserDetails进行身份认证*/
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
        super.configure(auth);
    }
    /*自定义用户权限*/

    /**
     * 重写configure方法来满足我们自己的需求
     * 此处允许Basic登录
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //定制请求的授权规则
        //首页所有人可以访问
        /*自定义访问控制*/
        /* .authorizeRequests() //对请求进行授权
                .anyRequest()  //任何请求
                .authenticated();   //都需要身份认证*/
        http.authorizeRequests()
                .antMatchers("/").permitAll()//表示放行“/”访问
                .antMatchers("upload/**").permitAll()
                .antMatchers("/user/**").permitAll()
                .antMatchers("/orders/**").permitAll()
                .antMatchers("/goods/**").permitAll()
                .antMatchers("/admin/**").hasAuthority("admin")
                .antMatchers("/tourist/**").hasAnyAuthority("admin", "user", "tourist")
                .anyRequest().permitAll()
                .and()
                .formLogin()//没有权限跳回的登录页
                .loginPage("http://127.0.0.1:8848/graduation/page/login.html")//登录页，当未登录时会重定向到该页面
                //.successHandler(authenticationSuccessHandler)
                //.failureHandler(authenticationFailureHandler)
                .usernameParameter("username")//默认的用户名参数
                .passwordParameter("password")//默认的用户密码参数
                //表单提交的url
                .loginProcessingUrl("/doLogin/createToken")
                .permitAll()
                .failureUrl("http://127.0.0.1:8848/graduation/page/login.html")
                .and()
                .logout()
                .logoutSuccessUrl("http://127.0.0.1:8848/graduation/page/login.html").permitAll()
                .and()
                .cors()
                .and()
                .csrf().disable();//关闭打开的csrf保护，解决security和ajax跨域403的问题;
         /*CSRF（Cross Site Request Forgery, 跨站域请求伪造）是一种网络的攻击方式
         * CSRF本质是盗用cookie, 无cookie方案就可以禁用*/










                /* http.cors();
                 http.csrf().disable();*///关闭打开的csrf保护，解决security和ajax跨域403的问题;
                 //.defaultSuccessUrl("/")






    }
}
